Privacy Policy

 

Table of contents

  • Pre­am­ble
  • Con­troller
  • Con­tact Infor­ma­tion of the Data pro­tec­tion officer
  • Overview of Pro­cess­ing Operations
  • Legal Bases for the Processing
  • Secu­ri­ty Precautions
  • Trans­mis­sion and Dis­clo­sure of Per­son­al Data
  • Use of Cook­ies and Cook­ie Man­age­ment Solution
  • Com­mer­cial Services
  • Pro­vi­sion of Online ser­vices and Web hosting
  • Spe­cial Notes on Appli­ca­tions (Apps)
  • Con­tact­ing us
  • Video Con­fer­ences, Online Meet­ings, Webi­na­rs and Screen-Sharing
  • Job Appli­ca­tion Process
  • Cloud Ser­vices
  • Newslet­ter and Elec­tron­ic Communications
  • Com­mer­cial Com­mu­ni­ca­tion by E‑Mail, Postal Mail, Fax or Telephone
  • Sur­veys and Questionnaires
  • Web Analy­sis, Mon­i­tor­ing and Optimization
  • Online­mar­ket­ing
  • Rat­ing Platforms
  • Pro­files in Social Net­works (Social Media)
  • Plu­g­ins and embed­ded func­tions and content
  • Plan­ning, Orga­ni­za­tion and Utilities
  • Dele­tion of Data
  • Changes and Updates to the Pri­va­cy Policy
  • Rights of Data Subjects
  • Ter­mi­nol­o­gy & Definitions

 

Preamble

With the fol­low­ing data pro­tec­tion dec­la­ra­tion, we would like to inform you about the types of your per­son­al data (here­inafter also referred to as “data”) that we process, for what pur­pos­es and to what extent in the con­text of pro­vi­sion of our application.

Any terms used here­after are not gender-specific.

As at 30th June 2021

Con­troller

Val­divia Con­sult­ing GmbH
Opern­platz 14
60313 Frank­furt am Main
Germany

Reg­is­ter Court: Berlin Local Court, HRB 255384 B
Reg­is­tered office of the com­pa­ny: Berlin

Autho­rised Rep­re­sen­ta­tive: Mr. Daniel Bauer
Email address: kontakt@valdivia-consulting.com
Phone: +49 69 348 685 320
Web­site:  www.valdivia-consulting.com

Con­tact infor­ma­tion of the data pro­tec­tion officer

We have appoint­ed an exter­nal data pro­tec­tion offi­cer, Patrick Knit­tel (Knit­tel Acad­e­my for Data Pro­tec­tion & Com­pli­ance). You reach him by email to dsb@knittel-compliance.de.

 

Overview of processing operations

The fol­low­ing table sum­maris­es the types of data processed, the pur­pos­es for which they are processed and the con­cerned data subjects.

Cat­e­gories of Processed Data

  • Inven­to­ry data (e.g. names, address­es, etc.)).
  • Can­di­date data (e.g. names, addresses).
  • Appli­cant data (e.g. names, addresses).
  • Job appli­cant details (e.g. per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by applicants).
  • Con­tent data (e.g. text input, pho­tographs, videos).
  • Con­tact data (e.g. e‑mail, tele­phone numbers).
  • Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times).
  • Loca­tion data (Infor­ma­tion on the geo­graph­i­cal posi­tion of a device or person).
  • Con­tract data (e.g. con­tract object, dura­tion, cus­tomer category).
  • Pay­ment Data (e.g. bank details, invoic­es, pay­ment history).

 

Cat­e­gories of Data Subjects

  • Employ­ees (e.g. Employ­ees, job applicants).
  • Job appli­cants and candidates
  • Busi­ness and con­trac­tu­al partners.
  • Prospec­tive customers.
  • Com­mu­ni­ca­tion part­ners (recip­i­ents of e‑mails, let­ters, etc.).
  • Cus­tomers
  • Users (e.g. web­site vis­i­tors, users of online services).

 

Pur­pos­es of Processing

  • Pro­vi­sion of our online ser­vices and usability.
  • Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activities).
  • Job Appli­ca­tion Process (Estab­lish­ment and pos­si­ble lat­er exe­cu­tion as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment relationship).
  • Office and organ­i­sa­tion­al procedures.
  • Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Feed­back (e.g. col­lect­ing feed­back via online form).
  • Inter­est-based and behav­iour­al marketing.
  • Con­tact requests and communication.
  • Pro­fil­ing (Cre­at­ing user profiles).
  • Remar­ket­ing.
  • Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty measures.
  • Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cookies).
  • Pro­vi­sion of con­trac­tu­al ser­vices and cus­tomer support.
  • Man­ag­ing and respond­ing to inquiries.

 

Legal Bases for the Processing

In the fol­low­ing we inform you about the legal basis of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), on the basis of which we process per­son­al data. Please note that, in addi­tion to the reg­u­la­tions of the GDPR, the nation­al data pro­tec­tion reg­u­la­tions may apply in your coun­try or in our coun­try of res­i­dence or domi­cile. If, in addi­tion, more spe­cif­ic legal bases are applic­a­ble in indi­vid­ual cas­es, we will inform you of these in the data pro­tec­tion declaration.

  • Con­sent (Arti­cle 6 (1) (a) GDPR) — The data sub­ject has giv­en con­sent to the pro­cess­ing of his or her per­son­al data for one or more spe­cif­ic purposes.
  • Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR) — Per­for­mance of a con­tract to which the data sub­ject is par­ty or in order to take steps at the request of the data sub­ject pri­or to enter­ing into a contract.
  • Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR) — Pro­cess­ing is nec­es­sary for com­pli­ance with a legal oblig­a­tion to which the con­troller is subject.
  • Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR) — Pro­cess­ing is nec­es­sary for the pur­pos­es of the legit­i­mate inter­ests pur­sued by the con­troller or by a third par­ty, except where such inter­ests are over­rid­den by the inter­ests or fun­da­men­tal rights and free­doms of the data sub­ject which require pro­tec­tion of per­son­al data.
  • Job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship (Arti­cle 9 (2)(b) GDPR) — If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can car­ry out the oblig­a­tions and exer­cis­ing spe­cif­ic rights of the con­troller or of the data sub­ject in the field of employ­ment and social secu­ri­ty and social pro­tec­tion law, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (2)(b) GDPR , in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons on the basis of Arti­cle 9 (2)© GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (2)(d) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (2)(a) GDPR.

 

Nation­al data pro­tec­tion reg­u­la­tions in Ger­many: In addi­tion to the data pro­tec­tion reg­u­la­tions of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion, nation­al reg­u­la­tions apply to data pro­tec­tion in Ger­many. This includes in par­tic­u­lar the Law on Pro­tec­tion against Mis­use of Per­son­al Data in Data Pro­cess­ing (Fed­er­al Data Pro­tec­tion Act — BDSG). In par­tic­u­lar, the BDSG con­tains spe­cial pro­vi­sions on the right to access, the right to erase, the right to object, the pro­cess­ing of spe­cial cat­e­gories of per­son­al data, pro­cess­ing for oth­er pur­pos­es and trans­mis­sion as well as auto­mat­ed indi­vid­ual deci­sion-mak­ing, includ­ing pro­fil­ing. Fur­ther­more, it reg­u­lates data pro­cess­ing for the pur­pos­es of the employ­ment rela­tion­ship (§ 26 BDSG), in par­tic­u­lar with regard to the estab­lish­ment, exe­cu­tion or ter­mi­na­tion of employ­ment rela­tion­ships as well as the con­sent of employ­ees. Fur­ther­more, data pro­tec­tion laws of the indi­vid­ual fed­er­al states may apply.

 

Security Precautions

We take appro­pri­ate tech­ni­cal and organ­i­sa­tion­al mea­sures in accor­dance with the legal require­ments, tak­ing into account the tech­ni­cal sta­tus quo, the costs of imple­men­ta­tion and the nature, scope, con­text and pur­pos­es of pro­cess­ing as well as the risk of vary­ing like­li­hood and sever­i­ty for the rights and free­doms of nat­ur­al per­sons, in order to ensure a lev­el of secu­ri­ty appro­pri­ate to the risk.

The mea­sures include, in par­tic­u­lar, safe­guard­ing the con­fi­den­tial­i­ty, integri­ty and avail­abil­i­ty of data by con­trol­ling phys­i­cal and elec­tron­ic access to the data as well as access to, input, trans­mis­sion, secur­ing and sep­a­ra­tion of the data. In addi­tion, we have estab­lished pro­ce­dures to ensure that data sub­jects’ rights are respect­ed, that data is delet­ed, and that we are pre­pared to respond to data threats rapid­ly. Fur­ther­more, we take the pro­tec­tion of per­son­al data into account as ear­ly as the devel­op­ment or selec­tion of hard­ware, soft­ware and ser­vice providers, in accor­dance with the prin­ci­ple of pri­va­cy by design and pri­va­cy by default.

SSL encryp­tion (https): In order to pro­tect your data trans­mit­ted via our online ser­vices in the best pos­si­ble way, we use SSL encryp­tion. You can rec­og­nize such encrypt­ed con­nec­tions by the pre­fix https:// in the address bar of your browser.

 

Processing and Disclosure of Personal Data

In the con­text of our pro­cess­ing of per­son­al data, it may hap­pen that the data is trans­ferred to oth­er places, com­pa­nies or per­sons or that it is dis­closed to them. Recip­i­ents of this data may include, for exam­ple, pay­ment insti­tu­tions with­in the con­text of pay­ment trans­ac­tions, ser­vice providers com­mis­sioned with IT tasks or providers of ser­vices and con­tent that are embed­ded in a web­site. In such a case, the legal require­ments will be respect­ed and in par­tic­u­lar cor­re­spond­ing con­tracts or agree­ments, which serve the pro­tec­tion of your data, will be con­clud­ed with the recip­i­ents of your data.

Data Trans­mis­sion with­in the Group of Com­pa­nies: We may trans­fer per­son­al data to oth­er com­pa­nies with­in our group of com­pa­nies or oth­er­wise grant them access to this data. Inso­far as this dis­clo­sure is for admin­is­tra­tive pur­pos­es, the dis­clo­sure of the data is based on our legit­i­mate busi­ness and eco­nom­ic inter­ests or oth­er­wise, if it is nec­es­sary to ful­fill our con­trac­tu­al oblig­a­tions or if the con­sent of the data sub­jects or oth­er­wise a legal per­mis­sion is present.

 

Use of Cookies and Cookie Management Solution

Cook­ies are text files that con­tain data from vis­it­ed web­sites or domains and are stored by a brows­er on the user’s com­put­er. A cook­ie is pri­mar­i­ly used to store infor­ma­tion about a user dur­ing or after his vis­it with­in an online ser­vice. The infor­ma­tion stored can include, for exam­ple, the lan­guage set­tings on a web­site, the login sta­tus, a shop­ping bas­ket or the loca­tion where a video was viewed. The term “cook­ies” also includes oth­er tech­nolo­gies that ful­fil the same func­tions as cook­ies (e.g. if user infor­ma­tion is stored using pseu­do­ny­mous online iden­ti­fiers, also referred to as “user IDs”).

The fol­low­ing types and func­tions of cook­ies are distinguished:

  • Tem­po­rary cook­ies (also: ses­sion cook­ies): Tem­po­rary cook­ies are delet­ed at the lat­est after a user has left an online ser­vice and closed his browser.
  • Per­ma­nent cook­ies: Per­ma­nent cook­ies remain stored even after clos­ing the brows­er. For exam­ple, the login sta­tus can be saved or pre­ferred con­tent can be dis­played direct­ly when the user vis­its a web­site again. The inter­ests of users who are used for range mea­sure­ment or mar­ket­ing pur­pos­es can also be stored in such a cookie.
  • First par­ty cook­ies: First-par­ty-Cook­ies are set by ourselves.
  • Third par­ty cook­ies: Third par­ty cook­ies are main­ly used by adver­tis­ers (so-called third par­ties) to process user information.
  • Nec­es­sary (also: essen­tial or vital) cook­ies: Cook­ies can be nec­es­sary for the oper­a­tion of a web­site (e.g. to save logins or oth­er user inputs or for secu­ri­ty reasons).
  • Sta­tis­tics, mar­ket­ing and per­son­al­i­sa­tion cook­ies: Cook­ies are also gen­er­al­ly used to mea­sure a website’s reach and when a user’s inter­ests or behav­iour (e.g. view­ing cer­tain con­tent, using func­tions, etc.) are stored on indi­vid­ual web­sites in a user pro­file. Such pro­files are used, for exam­ple, to dis­play con­tent to users that cor­re­sponds to their poten­tial inter­ests. This pro­ce­dure is also referred to as “track­ing”, i.e. track­ing the poten­tial inter­ests of users. If we use cook­ies or “track­ing” tech­nolo­gies, we will inform you sep­a­rate­ly in our pri­va­cy pol­i­cy or in the con­text of obtain­ing consent.

Infor­ma­tion on legal basis: The legal basis on which we process your per­son­al data with the help of cook­ies depends on whether we ask you for your con­sent. If this applies and you con­sent to the use of cook­ies, the legal basis for pro­cess­ing your data is your declared con­sent. Oth­er­wise, the data processed with the help of cook­ies will be processed on the basis of our legit­i­mate inter­ests (e.g. in a busi­ness oper­a­tion of our online ser­vice and its improve­ment) or, if the use of cook­ies is nec­es­sary to ful­fill our con­trac­tu­al obligations.

Reten­tion peri­od: Unless we pro­vide you with explic­it infor­ma­tion on the reten­tion peri­od of per­ma­nent cook­ies (e.g. with­in the scope of a so-called cook­ie opt-in), please assume that the reten­tion peri­od can be as long as two years.

Gen­er­al infor­ma­tion on with­draw­al of con­sent and objec­tion (Opt-Out): Depend­ing on whether pro­cess­ing is based on con­sent or legal per­mis­sion, you have the option at any time to object to the pro­cess­ing of your data using cook­ie tech­nolo­gies or to revoke con­sent (col­lec­tive­ly referred to as “opt-out”). You can ini­tial­ly explain your objec­tion using the set­tings of your brows­er, e.g. by deac­ti­vat­ing the use of cook­ies (which may also restrict the func­tion­al­i­ty of our online ser­vices). An objec­tion to the use of cook­ies for online mar­ket­ing pur­pos­es can be raised for a large num­ber of ser­vices, espe­cial­ly in the case of track­ing, via the web­sites https://www.aboutads.info/choices/ and https://www.youronlinechoices.com. In addi­tion, you can receive fur­ther infor­ma­tion on objec­tions in the con­text of the infor­ma­tion on the used ser­vice providers and cookies.

Pro­cess­ing Cook­ie Data on the basis of con­sent: We use — with GDPR Cook­ie Com­pli­ance Plu­g­in (https://wordpress.org/plugins/gdpr-cookie-compliance/) — a cook­ie man­age­ment solu­tion in which users’ con­sent to the use of cook­ies, or the pro­ce­dures and providers men­tioned in the cook­ie man­age­ment solu­tion, can be obtained, man­aged and revoked by the users. The dec­la­ra­tion of con­sent is stored so that it does not have to be retrieved again and the con­sent can be proven in accor­dance with the legal oblig­a­tion. Stor­age can take place serv­er-sided and/or in a cook­ie (so-called opt-out cook­ie or with the aid of com­pa­ra­ble tech-nolo­gies) in order to be able to assign the con­sent to a user or and/or his/her device. Sub­ject to indi­vid­ual details of the providers of cook­ie man­age­ment ser­vices, the fol­low­ing infor­ma­tion applies: The dura­tion of the stor­age of the con­sent can be up to two years. In this case, a pseu­do­ny­mous user iden­ti­fi­er is formed and stored with the date/time of con­sent, infor­ma­tion on the scope of the con­sent (e.g. which cat­e­gories of cook­ies and/or ser­vice providers) as well as the brows­er, sys­tem and used end device.

  • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Commercial Services

We process data of our con­trac­tu­al and busi­ness part­ners, e.g. cus­tomers and inter­est­ed par­ties (col­lec­tive­ly referred to as “con­trac­tu­al part­ners”) with­in the con­text of con­trac­tu­al and com­pa­ra­ble legal rela­tion­ships as well as asso­ci­at­ed actions and com­mu­ni­ca­tion with the con­trac­tu­al part­ners or pre-con­trac­tu­al­ly, e.g. to answer inquiries.

We process this data in order to ful­fil our con­trac­tu­al oblig­a­tions, safe­guard our rights and for the pur­pos­es of the admin­is­tra­tive tasks asso­ci­at­ed with this data and the busi­ness-relat­ed organ­i­sa­tion. We will only pass on the data of the con­trac­tu­al part­ners with­in the scope of the applic­a­ble law to third par­ties inso­far as this is nec­es­sary for the afore­men­tioned pur­pos­es or for the ful­fil­ment of legal oblig­a­tions or with the con­sent of data sub­jects con­cerned (e.g. telecom­mu­ni­ca­tions, trans­port and oth­er aux­il­iary ser­vices as well as sub­con­trac­tors, banks, tax and legal advi­sors, pay­ment ser­vice providers or tax author­i­ties). The con­trac­tu­al part­ners will be informed about fur­ther pro­cess­ing, e.g. for mar­ket­ing pur­pos­es, as part of this pri­va­cy policy.

We inform the con­tract­ing part­ners before or in the con­text of the data col­lec­tion, e.g. in online forms by spe­cial mark­ing (e.g. col­ors), and/or sym­bols (e.g. aster­isks or the like), or per­son­al­ly which data Is nec­es­sary for the afore­men­tioned purposes,

We delete the data after expiry of statu­to­ry war­ran­ty and com­pa­ra­ble oblig­a­tions, i.e. in prin­ci­ple after expiry of 4 years, unless the data is stored in a cus­tomer account or must be kept for legal rea­sons of archiv­ing (e.g., as a rule 10 years for tax pur­pos­es). In the case of data dis­closed to us by the con­trac­tu­al part­ner with­in the con­text of an assign­ment, we delete the data in accor­dance with the spec­i­fi­ca­tions of the assign­ment, in gen­er­al after the end of the assignment.

If we use third-par­ty providers or plat­forms to pro­vide our ser­vices, the terms and con­di­tions and pri­va­cy poli­cies of the respec­tive third-par­ty providers or plat­forms shall apply in the rela­tion­ship between the users and the providers.

Client Por­tal (Cus­tomer Account): Con­trac­tu­al part­ners can cre­ate an account (Client Por­tal) with­in our CRM. If reg­is­tra­tion of a Client Por­tal is required, Con­trac­tu­al Part­ners will be informed of this and of the details required for reg­is­tra­tion. The Client Por­tal is not pub­lic and can­not be indexed by search engines. With­in the scope of reg­is­tra­tion and sub­se­quent logins and use of the Client Por­tal, we store the IP address­es of the cus­tomers togeth­er with the access times in order to be able to prove the reg­is­tra­tion and to pre­vent pos­si­ble mis­use of the cus­tomer account.

If cus­tomers have ter­mi­nat­ed their cus­tomer account, the data relat­ing to the cus­tomer account will be delet­ed, unless their reten­tion is required for legal rea­sons. It is the respon­si­bil­i­ty of the cus­tomer to back up their data upon suc­cess­ful ter­mi­na­tion of the cus­tomer account.

Con­sult­ing: We process the data of our clients, clients as well as inter­est­ed par­ties and oth­er clients or con­trac­tu­al part­ners (uni­form­ly referred to as “clients”) in order to pro­vide them with our con­sult­ing ser­vices. The data processed, the type, scope and pur­pose of the pro­cess­ing and the neces­si­ty of its pro­cess­ing are deter­mined by the under­ly­ing con­trac­tu­al and client relationship.

Inso­far as it is nec­es­sary for the ful­fil­ment of our con­tract, for the pro­tec­tion of vital inter­ests or by law, or with the con­sent of the client, we dis­close or trans­fer the client’s data to third par­ties or agents, such as author­i­ties, courts, sub­con­trac­tors or in the field of IT, office or com­pa­ra­ble ser­vices, tak­ing into account the pro­fes­sion­al requirements.

Recruit­ing and Con­sult­ing Ser­vices: As part of our ser­vices, which include in par­tic­u­lar the search for, con­tact­ing and place­ment of poten­tial job can­di­dates, we process the data of the job can­di­dates and the per­son­al data of poten­tial employ­ers or their employees.

We process the infor­ma­tion and con­tact data pro­vid­ed by the job can­di­dates for the pur­pos­es of estab­lish­ing, imple­ment­ing and, if nec­es­sary, ter­mi­nat­ing a job place­ment con­tract. In addi­tion, we can ask inter­est­ed par­ties ques­tions about the suc­cess of our recruit­ing ser­vices at a lat­er date, in accor­dance with legal requirements.

We process the data of the job can­di­dates, as well as of the employ­ers, in order to ful­fil our con­trac­tu­al oblig­a­tions, in order to process the requests, we receive for the place­ment of jobs to the sat­is­fac­tion of the par­ties involved.

We can record the recruit­ing process­es in order to be able to prove the exis­tence of the con­trac­tu­al rela­tion­ship and the con­sent of the inter­est­ed par­ties in accor­dance with the statu­to­ry account­abil­i­ty oblig­a­tions (Arti­cle 5 (2) GDPR). This infor­ma­tion will be stored for a peri­od of three to four years if we need to prove the orig­i­nal con­tact request (e.g. to prove eli­gi­bil­i­ty to con­tact the job candidates).

Fur­ther infor­ma­tion on com­mer­cial ser­vices: We process the data of our cus­tomers and clients (here­inafter uni­form­ly referred to as “cus­tomers”) in order to enable them to select, acquire or com­mis­sion the select­ed ser­vices or works and relat­ed tasks, as well as their pay­ment and deliv­ery, or exe­cu­tion or provision.

The required details are iden­ti­fied as such with­in the frame­work of the con­clu­sion of the order, order or com­pa­ra­ble con­tract and include the details required for ser­vice pro­vi­sion and invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any consultations.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by applicants).
  • Data sub­jects: Prospec­tive cus­tomers, Busi­ness and con­trac­tu­al part­ners, Cus­tomers, Job applicants.
  • Pur­pos­es of Pro­cess­ing: Pro­vi­sion of con­trac­tu­al ser­vices and cus­tomer sup­port, Con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures, Man­ag­ing and respond­ing to inquiries, Secu­ri­ty measures.
  • Legal Basis: Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Com­pli­ance with a legal oblig­a­tion (Arti­cle 6 (1) © GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Provision of online services and web hosting

In order to pro­vide our online ser­vices secure­ly and effi­cient­ly, we use the ser­vices of one or more web host­ing providers from whose servers (or servers they man­age) the online ser­vices can be accessed. For these pur­pos­es, we may use infra­struc­ture and plat­form ser­vices, com­put­ing capac­i­ty, stor­age space and data­base ser­vices, as well as secu­ri­ty and tech­ni­cal main­te­nance services.

The data processed with­in the frame­work of the pro­vi­sion of the host­ing ser­vices may include all infor­ma­tion relat­ing to the users of our online ser­vices that is col­lect­ed in the course of use and com­mu­ni­ca­tion. This reg­u­lar­ly includes the IP address, which is nec­es­sary to be able to deliv­er the con­tents of online ser­vices to browsers, and all entries made with­in our online ser­vices or from websites.

E‑mail Send­ing and Host­ing: The web host­ing ser­vices we use also include send­ing, receiv­ing and stor­ing e‑mails. For these pur­pos­es, the address­es of the recip­i­ents and senders, as well as oth­er infor­ma­tion relat­ing to the send­ing of e‑mails (e.g. the providers involved) and the con­tents of the respec­tive e‑mails are processed. The above data may also be processed for SPAM detec­tion pur­pos­es. Please note that e‑mails on the Inter­net are gen­er­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but not on the servers from which they are sent and received (unless a so-called end-to-end encryp­tion method is used). We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of e‑mails between the sender and recep­tion on our server.

Col­lec­tion of Access Data and Log Files: We, our­selves or our web host­ing provider, col­lect data on the basis of each access to the serv­er (so-called serv­er log files). Serv­er log files may include the address and name of the web pages and files accessed, the date and time of access, data vol­umes trans­ferred, noti­fi­ca­tion of suc­cess­ful access, brows­er type and ver­sion, the user’s oper­at­ing sys­tem, refer­rer URL (the pre­vi­ous­ly vis­it­ed page) and, as a gen­er­al rule, IP address­es and the request­ing provider.

The serv­er log files can be used for secu­ri­ty pur­pos­es, e.g. to avoid over­load­ing the servers (espe­cial­ly in the case of abu­sive attacks, so-called DDoS attacks) and to ensure the sta­bil­i­ty and opti­mal load bal­anc­ing of the servers.

  • Processed data types: Con­tent data (e.g. text input Into online forms), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Special Notes on Applications (Apps)

We process the data of the users of our appli­ca­tion to the extent nec­es­sary to pro­vide the users with the appli­ca­tion and its func­tion­al­i­ties, to mon­i­tor its secu­ri­ty and to devel­op it fur­ther. Fur­ther­more, we may con­tact users in com­pli­ance with the statu­to­ry pro­vi­sions if com­mu­ni­ca­tion is nec­es­sary for the pur­pos­es of admin­is­tra­tion or use of the appli­ca­tion. In addi­tion, we refer to the data pro­tec­tion infor­ma­tion in this pri­va­cy pol­i­cy with regard to the pro­cess­ing of user data.

Legal basis: The pro­cess­ing of data nec­es­sary for the pro­vi­sion of the func­tion­al­i­ties of the appli­ca­tion serves to ful­fil con­trac­tu­al oblig­a­tions. This also applies if the pro­vi­sion of the func­tions requires user autho­ri­sa­tion (e.g. release of device func­tions). If the pro­cess­ing of data is not nec­es­sary for the pro­vi­sion of the func­tion­al­i­ties of the appli­ca­tion, but serves the secu­ri­ty of the appli­ca­tion or our busi­ness inter­ests (e.g. col­lec­tion of data for the pur­pose of opti­mis­ing the appli­ca­tion or secu­ri­ty pur­pos­es), it is car­ried out on the basis of our legit­i­mate inter­ests. If users are express­ly request­ed to give their con­sent to the pro­cess­ing of their data, the data cov­ered by the con­sent is processed on the basis of the consent.

Com­mer­cial use: We process the data of the users of our appli­ca­tion, reg­is­tered and any test users (here­inafter uni­form­ly referred to as “users”) in order to pro­vide them with our con­trac­tu­al ser­vices and on the basis of legit­i­mate inter­ests to ensure the secu­ri­ty of our appli­ca­tion and to devel­op it fur­ther. The required details are iden­ti­fied as such with­in the scope of the con­clu­sion of a con­tract for the use of the appli­ca­tion, the con­clu­sion of an order, an order or a com­pa­ra­ble con­tract and may include the details required for the pro­vi­sion of ser­vices and any invoic­ing as well as con­tact infor­ma­tion in order to be able to hold any consultations.

Device autho­riza­tions for access to func­tions and data: The use of cer­tain func­tions of our appli­ca­tion may require access to the cam­era and the stored record­ings of the users. By default, these autho­riza­tions must be grant­ed by the user and can be revoked at any time in the set­tings of the respec­tive devices. The exact pro­ce­dure for con­trol­ling app per­mis­sions may depend on the user’s device and soft­ware. Users can con­tact us if they require fur­ther expla­na­tion. We would like to point out that the refusal or revo­ca­tion of the respec­tive autho­riza­tions can affect the func­tion­al­i­ty of our application.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Pay­ment Data (e.g. bank details, invoic­es, pay­ment his­to­ry), Con­tract data (e.g. con­tract object, dura­tion, cus­tomer category).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Pro­vi­sion of con­trac­tu­al ser­vices and cus­tomer support.
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Contacting us

When con­tact­ing us (e.g. by con­tact form, e‑mail, tele­phone or via social media), the data of the inquir­ing per­sons are processed inso­far as this is nec­es­sary to answer the con­tact enquiries and any request­ed activities.

The response to con­tact enquiries with­in the frame­work of con­trac­tu­al or pre-con­trac­tu­al rela­tion­ships is made in order to ful­fil our con­trac­tu­al oblig­a­tions or to respond to (pre)contractual enquiries and oth­er­wise on the basis of the legit­i­mate inter­ests in respond­ing to the enquiries.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Con­tact requests and communication.
  • Legal Basis: Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Video Conferences, Online Meetings, Webinars and Screen-Sharing

We use third-par­ty plat­forms and appli­ca­tions (here­inafter referred to as “third par­ty providers”) for the pur­pos­es of con­duct­ing video and audio con­fer­ences, webi­na­rs and oth­er types of video and audio meet­ings. When select­ing third-par­ty providers and their ser­vices, we observe the legal requirements.

In this con­text, data of the com­mu­ni­ca­tion par­tic­i­pants will be processed and stored on the servers of third par­ties, as far as these are part of com­mu­ni­ca­tion process­es with us. This data may include, but is not lim­it­ed to, reg­is­tra­tion and con­tact details, visu­al and voice con­tri­bu­tions, chat entries and shared screen content.

If users are referred to the third-par­ty providers or their soft­ware or plat­forms in the con­text of com­mu­ni­ca­tion, busi­ness or oth­er rela­tion­ships with us, the third-par­ty provider pro­cess­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty pur­pos­es, ser­vice opti­mi­sa­tion or mar­ket­ing pur­pos­es. We there­fore ask you to observe the data pro­tec­tion infor­ma­tion of the respec­tive third par­ty providers.

Infor­ma­tion on legal basis: If we ask the users for their con­sent to the use of third par­ty providers or cer­tain func­tions (e.g. per­mis­sion to record con­ver­sa­tions), the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­est in effi­cient and secure com­mu­ni­ca­tion with our com­mu­ni­ca­tion part­ners. In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Pro­vi­sion of con­trac­tu­al ser­vices and cus­tomer sup­port, Con­tact requests and com­mu­ni­ca­tion, Office and organ­i­sa­tion­al pro­ce­dures, Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Job Application Process of candidates and applicants

The appli­ca­tion process requires appli­cants to pro­vide us with the data nec­es­sary for their assess­ment and selec­tion. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the infor­ma­tion con­tained therein.

In prin­ci­ple, the required infor­ma­tion includes per­son­al infor­ma­tion such as name, address, a con­tact option and proof of the qual­i­fi­ca­tions required for a par­tic­u­lar employ­ment. Upon request, we will be hap­py to pro­vide you with addi­tion­al information.

a) Job appli­ca­tion process for candidates
If made avail­able, appli­cants can sub­mit their appli­ca­tions via an online con­tact form. The data will be trans­mit­ted to us encrypt­ed accord­ing to the state of the art. Appli­cants can also send us their appli­ca­tions by e‑mail.

Please note, how­ev­er, that e‑mails on the Inter­net are gen­er­al­ly not sent in encrypt­ed form. As a rule, e‑mails are encrypt­ed dur­ing trans­port, but not on the servers from which they are sent and received. We can there­fore accept no respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the recep­tion on our server.

For the pur­pos­es of search­ing for can­di­dates, sub­mit­ting appli­ca­tions and select­ing can­di­dates, we may make use of the appli­cant man­age­ment and recruit­ment soft­ware, plat­forms and ser­vices of third-par­ty providers in com­pli­ance with legal requirements.

Can­di­dates are wel­come to con­tact us about how to sub­mit their appli­ca­tion or send it to us by reg­u­lar mail.

Pro­cess­ing of spe­cial cat­e­gories of data: If spe­cial cat­e­gories of per­son­al data with­in the mean­ing of Arti­cle 9 (1) GDPR (e.g. health data, such as severe­ly hand­i­capped sta­tus or eth­nic ori­gin) are request­ed from appli­cants with­in the frame­work of the appli­ca­tion pro­ce­dure, so that the respon­si­ble per­son or the per­son con­cerned can exer­cise his/her rights aris­ing from labour law and social secu­ri­ty and social pro­tec­tion law and ful­fil his/her duties in this regard, their pro­cess­ing shall be car­ried out in accor­dance with Arti­cle 9 (1)(b) GDPR, in the case of the pro­tec­tion of vital inter­ests of appli­cants or oth­er per­sons pur­suant to Arti­cle 9 (1)© GDPR or for the pur­pos­es of pre­ven­tive health care or occu­pa­tion­al med­i­cine, for the assess­ment of the employee’s abil­i­ty to work, for med­ical diag­nos­tics, care or treat­ment in the health or social sec­tor or for the admin­is­tra­tion of sys­tems and ser­vices in the health or social sec­tor in accor­dance with Arti­cle 9 (1)(h) GDPR. In the case of a com­mu­ni­ca­tion of spe­cial cat­e­gories of data based on vol­un­tary con­sent, their pro­cess­ing is car­ried out on the basis of Arti­cle 9 (1)(a) GDPR.

Dele­tion of Data:
In the event of a suc­cess­ful appli­ca­tion, the data pro­vid­ed by the appli­cants may be fur­ther processed by us for the pur­pos­es of the employ­ment relationship.

Admis­sion to a tal­ent pool: Admis­sion to a tal­ent pool, if offered, is based on con­sent. Appli­cants are informed that their con­sent to be includ­ed in the tal­ent pool is vol­un­tary, has no influ­ence on the cur­rent appli­ca­tion process and that they can revoke their con­sent at any time for the future.

Hav­ing reg­is­tered with us as a can­di­date, suit­able job offers will be coor­di­nat­ed with the can­di­date after pri­or autho­ri­sa­tion to do so and sub­mit­ted by e‑mail.

If the can­di­date is inter­est­ed, the respec­tive appli­ca­tion will be pre­sent­ed to a poten­tial employ­er for review and assessment.

Should an appli­ca­tion for a job offer not be suc­cess­ful and the can­di­date does not wish to be con­tact­ed fur­ther, the candidate’s data will be deleted.

How­ev­er, in the event that the can­di­date wish­es a con­tin­u­a­tion of our can­di­date ser­vices and/ or be approached In rela­tion to oth­er poten­tial employ­ers, fur­ther offers will be made to the can­di­date depend­ing on pro­file and inter­est — if available.

If the first place­ment or, if applic­a­ble, a fur­ther place­ment is not suc­cess­ful, the candidate’s data will remain in the can­di­date database.

The candidate’s data will be delet­ed from the can­di­date data­base auto­mat­i­cal­ly after a peri­od of two years, unless the can­di­date sup­plies a renew­al of his/her con­sent to the stor­age and pro­cess­ing of his/her data.

Can­di­date data will also be delet­ed if an appli­ca­tion is with­drawn, which can­di­dates are enti­tled to do at any time.

  • Processed data types: Job appli­cant details (e.g. Per­son­al data, postal and con­tact address­es and the doc­u­ments per­tain­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ter, cur­ricu­lum vitae, cer­tifi­cates, etc., as well as oth­er infor­ma­tion on the per­son or qual­i­fi­ca­tions of appli­cants pro­vid­ed with regard to a spe­cif­ic job or vol­un­tar­i­ly by applicants).
  • Data sub­jects: Candidates
  • Pur­pos­es of Pro­cess­ing: Job Appli­ca­tion Process (Rea­son for pro­cess­ing pur­pos­es and pos­si­ble lat­er per­for­mance as well as pos­si­ble lat­er ter­mi­na­tion of the employ­ment relationship).
  • Legal Basis: Job appli­ca­tion process as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship (Arti­cle 9 (2)(b) GDPR).

 

Ser­vices and ser­vice providers being used:

 

b) Job appli­ca­tion with Val­divia for an inter­nal vacancy
The appli­ca­tion pro­ce­dure requires that appli­cants pro­vide us with the data required for their assess­ment and selec­tion by e‑mail. The infor­ma­tion required can be found in the job descrip­tion or, in the case of online forms, in the details pro­vid­ed there.

In prin­ci­ple, the required infor­ma­tion includes per­son­al infor­ma­tion such as name, address, con­tact details and proof of the qual­i­fi­ca­tions required for a posi­tion. Upon request, addi­tion­al infor­ma­tion as to which details are required can be provided.

In case an online form Is pro­vid­ed,  appli­cants may express and sub­mit their inter­est by way of the afore­men­tioned form. The data will be trans­mit­ted to us in encrypt­ed form in accor­dance with the cur­rent tech­ni­cal means applied. Appli­cants can also sub­mit their appli­ca­tions by e‑mail. Please note, how­ev­er, that e‑mails sent via the Inter­net are gen­er­al­ly not encrypt­ed. As a rule, e‑mails are encrypt­ed in tran­sit, but not on the servers from which they are sent and received. There­fore, Val­divia can­not assume any respon­si­bil­i­ty for the trans­mis­sion path of the appli­ca­tion between the sender and the receipt on our server.

For the pur­pos­es of appli­cant search, sub­mis­sion of appli­ca­tions and selec­tion of appli­cants, third par­ty appli­cant man­age­ment or recruit­ment soft­ware and plat­forms and ser­vices may be used in accor­dance with cur­rent legislation,

Appli­cants are wel­come to con­tact Val­divia regard­ing the method of appli­ca­tion submission.

Noti­fi­ca­tion of the spe­cial cat­e­gories of data and their pro­cess­ing as reg­u­lat­ed by Art. 9 para. 2 lit. a. GDPR.

Dele­tion of data: In the event of a suc­cess­ful appli­ca­tion, the data pro­vid­ed by the appli­cants may be fur­ther processed by us for the pur­pos­es of the employ­ment relationship.

Reg­is­tra­tion in applicant/talent pool: Pri­or con­sent is a pre­req­ui­site for reg­is­tra­tion in an appli­cant pool, if offered. Appli­cants are informed that their con­sent to inclu­sion in the applicant/talent pool is vol­un­tary, has no influ­ence on the cur­rent appli­ca­tion pro­ce­dure and that they can revoke their con­sent at any time for the future.

  • Types of data processed: Appli­cant data (e.g. per­son­al details, postal and con­tact address­es, the doc­u­ments relat­ing to the appli­ca­tion and the infor­ma­tion con­tained there­in, such as cov­er let­ters, CVs, cer­tifi­cates and oth­er infor­ma­tion pro­vid­ed by appli­cants vol­un­tar­i­ly or with regard to a spe­cif­ic position).
  • Data sub­jects: Applicant
  • Pur­pos­es of pro­cess­ing: Appli­ca­tion pro­ce­dure (estab­lish­ment and pos­si­ble sub­se­quent imple­men­ta­tion as well as pos­si­ble sub­se­quent ter­mi­na­tion of the employ­ment relationship).
  • Legal basis: Appli­ca­tion pro­ce­dure as a pre-con­trac­tu­al or con­trac­tu­al rela­tion­ship (Art. 9(2)(b) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Cloud Services

We use Inter­net-acces­si­ble soft­ware ser­vices (so-called “cloud ser­vices”, also referred to as “Soft­ware as a Ser­vice”) pro­vid­ed on the servers of its providers for the fol­low­ing pur­pos­es: doc­u­ment stor­age and admin­is­tra­tion, cal­en­dar man­age­ment, e‑mail deliv­ery, spread­sheets and pre­sen­ta­tions, exchange of doc­u­ments, con­tent and infor­ma­tion with spe­cif­ic recip­i­ents or pub­li­ca­tion of web­sites, forms or oth­er con­tent and infor­ma­tion, as well as chats and par­tic­i­pa­tion in audio and video conferences.

With­in this frame­work, per­son­al data may be processed and stored on the provider’s servers inso­far as this data is part of com­mu­ni­ca­tion process­es with us or is oth­er­wise processed by us in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of data sub­jects, data on process­es, con­tracts, oth­er pro­ceed­ings and their con­tents. Cloud ser­vice providers also process usage data and meta­da­ta that they use for secu­ri­ty and ser­vice opti­miza­tion purposes.

If we use cloud ser­vices to pro­vide doc­u­ments and con­tent to oth­er users or pub­licly acces­si­ble web­sites, forms, etc., providers may store cook­ies on users’ devices for web analy­sis or to remem­ber user set­tings (e.g. in the case of media control).

Infor­ma­tion on legal basis — If we ask for per­mis­sion to use cloud ser­vices, the legal basis for pro­cess­ing data is con­sent. Fur­ther­more, their use can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of cloud ser­vices has been agreed in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient and secure admin­is­tra­tive and col­lab­o­ra­tion processes).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Cus­tomers, Employ­ees (e.g. Employ­ees, job appli­cants), Prospec­tive cus­tomers, Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Office and organ­i­sa­tion­al procedures.
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Newsletter and Electronic Communications

We send newslet­ters, e‑mails and oth­er elec­tron­ic com­mu­ni­ca­tions (here­inafter referred to as “newslet­ters”) only with the con­sent of the recip­i­ent or a legal per­mis­sion. Inso­far as the con­tents of the newslet­ter are specif­i­cal­ly described with­in the frame­work of reg­is­tra­tion, they are deci­sive for the con­sent of the user. Oth­er­wise, our newslet­ters con­tain infor­ma­tion about our ser­vices and us.

In order to sub­scribe to our newslet­ters, it is gen­er­al­ly suf­fi­cient to enter your e‑mail address. We may, how­ev­er, ask you to pro­vide a name for the pur­pose of con­tact­ing you per­son­al­ly in the newslet­ter or to pro­vide fur­ther infor­ma­tion if this is required for the pur­pos­es of the newsletter.

Dou­ble opt-in pro­ce­dure: The reg­is­tra­tion to our newslet­ter takes place in gen­er­al in a so-called Dou­ble-Opt-In pro­ce­dure. This means that you will receive an e‑mail after reg­is­tra­tion ask­ing you to con­firm your reg­is­tra­tion. This con­fir­ma­tion is nec­es­sary so that no one can reg­is­ter with exter­nal e‑mail addresses.

The reg­is­tra­tions for the newslet­ter are logged in order to be able to prove the reg­is­tra­tion process accord­ing to the legal require­ments. This includes stor­ing the login and con­fir­ma­tion times as well as the IP address. Like­wise the changes of your data stored with the dis­patch ser­vice provider are logged.

Dele­tion and restric­tion of pro­cess­ing: We may store the unsub­scribed email address­es for up to three years based on our legit­i­mate inter­ests before delet­ing them to pro­vide evi­dence of pri­or con­sent. The pro­cess­ing of these data is lim­it­ed to the pur­pose of a pos­si­ble defense against claims. An indi­vid­ual dele­tion request is pos­si­ble at any time, pro­vid­ed that the for­mer exis­tence of a con­sent is con­firmed at the same time. In the case of an oblig­a­tion to per­ma­nent­ly observe an objec­tion, we reserve the right to store the e‑mail address sole­ly for this pur­pose in a blocklist.

Infor­ma­tion on legal bases: The send­ing of the newslet­ter is based on the con­sent of the recip­i­ents or, if con­sent is not required, on the basis of our legit­i­mate inter­ests in direct mar­ket­ing. Inso­far as we engage a ser­vice provider for send­ing e‑mails, this is done on the basis of our legit­i­mate inter­ests. The reg­is­tra­tion pro­ce­dure is record­ed on the basis of our legit­i­mate inter­ests for the pur­pose of demon­strat­ing that it has been con­duct­ed in accor­dance with the law.

Con­tents: Infor­ma­tion about us, our ser­vices, pro­mo­tions and offers.

Analy­sis and per­for­mance mea­sure­ment: The newslet­ters con­tain a so-called “web-bea­con”, i.e. a pix­el-sized file, which is retrieved from our serv­er when the newslet­ter is opened or, if we use a mail­ing ser­vice provider, from its serv­er. With­in the scope of this retrieval, tech­ni­cal infor­ma­tion such as infor­ma­tion about the brows­er and your sys­tem, as well as your IP address and time of retrieval are first collected.

This infor­ma­tion is used for the tech­ni­cal improve­ment of our newslet­ter on the basis of tech­ni­cal data or tar­get groups and their read­ing behav­iour on the basis of their retrieval points (which can be deter­mined with the help of the IP address) or access times. This analy­sis also includes deter­min­ing whether newslet­ters are opened, when they are opened and which links are clicked. For tech­ni­cal rea­sons, this infor­ma­tion can be assigned to the indi­vid­ual newslet­ter recip­i­ents. It is, how­ev­er, nei­ther our endeav­our nor, if used, that of the ship­ping ser­vice provider to observe indi­vid­ual users. The eval­u­a­tions serve us much more to rec­og­nize the read­ing habits of our users and to adapt our con­tent to them or to send dif­fer­ent con­tent accord­ing to the inter­ests of our users.

The eval­u­a­tion of the newslet­ter and the mea­sure­ment of suc­cess is car­ried out, sub­ject to the express con­sent of the user, on the basis of our legit­i­mate inter­ests for the pur­pos­es of using a user-friend­ly and secure newslet­ter sys­tem which serves both our busi­ness inter­ests and the expec­ta­tions of the user.

A sep­a­rate objec­tion to the per­for­mance mea­sure­ment is unfor­tu­nate­ly not pos­si­ble, in this case the entire newslet­ter sub­scrip­tion must be can­celled or object­ed to.

Send­ing via text mes­sages: The elec­tron­ic com­mu­ni­ca­tions can also be sent via text mes­sages (or are sent exclu­sive­ly via text mes­sages, if the send­ing autho­riza­tion, e.g., con­sent, only includes send­ing via SMS).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).
  • Opt-Out: You can can­cel the receipt of our newslet­ter at any time, i.e. revoke your con­sent or object to fur­ther receipt. You will find a link to can­cel the newslet­ter either at the end of each newslet­ter or you can oth­er­wise use one of the con­tact options list­ed above, prefer­ably e‑mail.

 

Commercial Communication by E‑Mail, Postal Mail, Fax or Telephone

We process per­son­al data for the pur­pos­es of pro­mo­tion­al com­mu­ni­ca­tion, which may be car­ried out via var­i­ous chan­nels, such as e‑mail, tele­phone, post or fax, in accor­dance with the legal requirements.

The recip­i­ents have the right to with­draw their con­sent at any time or to object to the adver­tis­ing com­mu­ni­ca­tion at any time.

After with­draw­al or objec­tion, we may store the data required to prove con­sent for up to three years on the basis of our legit­i­mate inter­ests before we delete them. The pro­cess­ing of these data is lim­it­ed to the pur­pose of a pos­si­ble defense against claims. An indi­vid­ual dele­tion request is pos­si­ble at any time, pro­vid­ed that the for­mer exis­tence of a con­sent is affirmed.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone numbers).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Direct mar­ket­ing (e.g. by e‑mail or postal).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Surveys and Questionnaires

The sur­veys and ques­tion­naires (“sur­veys”) car­ried out by us are eval­u­at­ed anony­mous­ly. Per­son­al data is only processed inso­far as this is nec­es­sary for the pro­vi­sion and tech­ni­cal exe­cu­tion of the sur­vey (e.g. pro­cess­ing the IP address to dis­play the sur­vey in the user’s brows­er or to enable a resump­tion of the sur­vey with the aid of a tem­po­rary cook­ie (ses­sion cook­ie)) or par­tic­i­pants have consented.

Infor­ma­tion on legal basis: If we ask the par­tic­i­pants for their con­sent to the pro­cess­ing of their data, this is the legal basis for the pro­cess­ing, oth­er­wise the pro­cess­ing of the par­tic­i­pants’ data is based on our legit­i­mate inter­ests in con­duct­ing an objec­tive survey.

  • Processed data types: Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Feed­back (e.g. col­lect­ing feed­back via online form).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Web Analysis, Monitoring and Optimization

Web analy­sis is used to eval­u­ate the vis­i­tor traf­fic on our web­site and may include the behav­iour, inter­ests or demo­graph­ic infor­ma­tion of users, such as age or gen­der, as pseu­do­ny­mous val­ues. With the help of web analy­sis we can e.g. rec­og­nize, at which time our online ser­vices or their func­tions or con­tents are most fre­quent­ly used or request­ed for repeat­ed­ly, as well as which areas require optimization.

In addi­tion to web analy­sis, we can also use test pro­ce­dures, e.g. to test and opti­mize dif­fer­ent ver­sions of our online ser­vices or their components.

For these pur­pos­es, so-called user pro­files can be cre­at­ed and stored in a file (so-called “cook­ie”) or sim­i­lar pro­ce­dures in which the rel­e­vant user infor­ma­tion for the afore­men­tioned analy­ses is stored. This infor­ma­tion may include, for exam­ple, con­tent viewed, web pages vis­it­ed and ele­ments and tech­ni­cal data used there, such as the brows­er used, com­put­er sys­tem used and infor­ma­tion on times of use. If users have con­sent­ed to the col­lec­tion of their loca­tion data, these may also be processed, depend­ing on the provider.

The IP address­es of the users are also stored. How­ev­er, we use any exist­ing IP mask­ing pro­ce­dure (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to pro­tect the user. In gen­er­al, with­in the frame­work of web analy­sis, A/B test­ing and opti­mi­sa­tion, no user data (such as e‑mail address­es or names) is stored, but pseu­do­nyms. This means that we, as well as the providers of the soft­ware used, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their pro­files for the pur­pos­es of the respec­tive processes.

Infor­ma­tion on legal basis: If we ask the users for their con­sent to the use of third par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing vis­i­tors), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties), Pro­fil­ing (Cre­at­ing user profiles).
  • Secu­ri­ty mea­sures: IP Mask­ing (Pseu­do­nymiza­tion of the IP address).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Onlinemarketing

We process per­son­al data for the pur­pos­es of online mar­ket­ing, which may include in par­tic­u­lar the mar­ket­ing of adver­tis­ing space or the dis­play of adver­tis­ing and oth­er con­tent (col­lec­tive­ly referred to as “Con­tent”) based on the poten­tial inter­ests of users and the mea­sure­ment of their effectiveness.

For these pur­pos­es, so-called user pro­files are cre­at­ed and stored in a file (so-called “cook­ie”) or sim­i­lar pro­ce­dure in which the rel­e­vant user infor­ma­tion for the dis­play of the afore­men­tioned con­tent is stored. This infor­ma­tion may include, for exam­ple, con­tent viewed, web­sites vis­it­ed, online net­works used, com­mu­ni­ca­tion part­ners and tech­ni­cal infor­ma­tion such as the brows­er used, com­put­er sys­tem used and infor­ma­tion on usage times. If users have con­sent­ed to the col­lec­tion of their side­line data, these can also be processed.

The IP address­es of the users are also stored. How­ev­er, we use pro­vid­ed IP mask­ing pro­ce­dures (i.e. pseu­do­nymi­sa­tion by short­en­ing the IP address) to ensure the pro­tec­tion of the user’s by using a pseu­do­nym. In gen­er­al, with­in the frame­work of the online mar­ket­ing process, no clear user data (such as e‑mail address­es or names) is secured, but pseu­do­nyms. This means that we, as well as the providers of online mar­ket­ing pro­ce­dures, do not know the actu­al iden­ti­ty of the users, but only the infor­ma­tion stored in their profiles.

The infor­ma­tion in the pro­files is usu­al­ly stored in the cook­ies or sim­i­lar mem­o­riz­ing pro­ce­dures. These cook­ies can lat­er, gen­er­al­ly also on oth­er web­sites that use the same online mar­ket­ing tech­nol­o­gy, be read and ana­lyzed for pur­pos­es of con­tent dis­play, as well as sup­ple­ment­ed with oth­er data and stored on the serv­er of the online mar­ket­ing tech­nol­o­gy provider.

Excep­tion­al­ly, clear data can be assigned to the pro­files. This is the case, for exam­ple, if the users are mem­bers of a social net­work whose online mar­ket­ing tech­nol­o­gy we use and the net­work links the pro­files of the users in the afore­men­tioned data. Please note that users may enter into addi­tion­al agree­ments with the social net­work providers or oth­er ser­vice providers, e.g. by con­sent­ing as part of a reg­is­tra­tion process.

As a mat­ter of prin­ci­ple, we only gain access to sum­marised infor­ma­tion about the per­for­mance of our adver­tise­ments. How­ev­er, with­in the frame­work of so-called con­ver­sion mea­sure­ment, we can check which of our online mar­ket­ing process­es have led to a so-called con­ver­sion, i.e. to the con­clu­sion of a con­tract with us. The con­ver­sion mea­sure­ment is used alone for the per­for­mance analy­sis of our mar­ket­ing activities.

Unless oth­er­wise stat­ed, we kind­ly ask you to con­sid­er that cook­ies used will be stored for a peri­od of two years.

Infor­ma­tion on legal basis: If we ask users for their con­sent (e.g. in the con­text of a so-called “cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing data for online mar­ket­ing pur­pos­es is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online ser­vices), Prospec­tive customers.
  • Pur­pos­es of Pro­cess­ing: Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Con­ver­sion track­ing (Mea­sure­ment of the effec­tive­ness of mar­ket­ing activ­i­ties), Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user pro­files), Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).
  • Secu­ri­ty mea­sures: IP Mask­ing (Pseu­do­nymi­sa­tion of the IP address).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).We refer to the pri­va­cy poli­cies of the respec­tive ser­vice providers and the pos­si­bil­i­ties for objec­tion (so-called “opt-out”). If no explic­it opt-out option has been spec­i­fied, it is pos­si­ble to deac­ti­vate cook­ies in the set­tings of your brows­er. How­ev­er, this may restrict the func­tions of our online offer. We there­fore rec­om­mend the fol­low­ing addi­tion­al opt-out options, which are offered col­lec­tive­ly for each area:a) Europe: https://www.youronlinechoices.eu. b) Cana­da: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-region­al: https://optout.aboutads.info.

 

Ser­vices and ser­vice providers being used:

    • Online mar­ket­ing and web ana­lyt­ics; Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Website:

https://marketingplatform.google.com/intl/en/about/analytics/

    • ; Pri­va­cy Policy:

https://policies.google.com/privacy

    • ; Opt-Out: Opt-Out-Plugin:

https://tools.google.com/dlpage/gaoptout?hl=en

    • , Set­tings for the Dis­play of Advertisements:

https://adssettings.google.com/authenticated

    .

 

Rating Platforms

We par­tic­i­pate in rat­ing pro­ce­dures to eval­u­ate, opti­mise and adver­tise our per­for­mance. If users rate us via the par­tic­i­pat­ing rat­ing plat­forms or meth­ods or oth­er­wise pro­vide feed­back, the Gen­er­al Terms and Con­di­tions of Busi­ness or Use and the data pro­tec­tion infor­ma­tion of the providers also apply. As a rule, the rat­ing also requires reg­is­tra­tion with the respec­tive provider.

In order to ensure that the eval­u­a­tors have actu­al­ly made use of our ser­vices, we trans­mit, with the con­sent of the cus­tomer, the nec­es­sary data relat­ing to the cus­tomer and the ser­vice or prod­ucts used to the respec­tive rat­ing plat­form (this includes the name, e‑mail address, order num­ber or arti­cle num­ber). This data is used sole­ly to ver­i­fy the authen­tic­i­ty of the user.

  • Processed data types: Con­tract data (e.g. con­tract object, dura­tion, cus­tomer cat­e­go­ry), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Cus­tomers, Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Feed­back (e.g. col­lect­ing feed­back via online form).
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Profiles in Social Networks (Social Media)

We main­tain online pres­ences with­in social net­works and process user data in this con­text in order to com­mu­ni­cate with the users active there or to offer infor­ma­tion about us.
We would like to point out that user data may be processed out­side the Euro­pean Union. This may entail risks for users, e.g. by mak­ing it more dif­fi­cult to enforce users’ rights.

In addi­tion, user data is usu­al­ly processed with­in social net­works for mar­ket research and adver­tis­ing pur­pos­es. For exam­ple, user pro­files can be cre­at­ed on the basis of user behav­iour and the asso­ci­at­ed inter­ests of users. The user pro­files can then be used, for exam­ple, to place adver­tise­ments with­in and out­side the net­works which are pre­sumed to cor­re­spond to the inter­ests of the users. For these pur­pos­es, cook­ies are usu­al­ly stored on the user’s com­put­er, in which the user’s usage behav­iour and inter­ests are stored. Fur­ther­more, data can be stored in the user pro­files inde­pen­dent­ly of the devices used by the users (espe­cial­ly if the users are mem­bers of the respec­tive net­wors or will become mem­bers lat­er on).

For a detailed descrip­tion of the respec­tive pro­cess­ing oper­a­tions and the opt-out options, please refer to the respec­tive data pro­tec­tion dec­la­ra­tions and infor­ma­tion pro­vid­ed by the providers of the respec­tive networks.

Also, in the case of requests for infor­ma­tion and the exer­cise of rights of data sub­jects, we point out that these can be most effec­tive­ly pur­sued with the providers. Only the providers have access to the data of the users and can direct­ly take appro­pri­ate mea­sures and pro­vide infor­ma­tion. If you still need help, please do not hes­i­tate to con­tact us.

Face­book: We are joint­ly respon­si­ble (so called “joint con­troller”) with Face­book Ire­land Ltd. for the col­lec­tion (but not the fur­ther pro­cess­ing) of data of vis­i­tors to our Face­book page. This data includes infor­ma­tion about the types of con­tent users view or inter­act with, or the actions they take (see “Things that you and oth­ers do and pro­vide” in the Face­book Data Pol­i­cy: https://www.facebook.com/policy), and infor­ma­tion about the devices used by users (e.g., IP address­es, oper­at­ing sys­tem, brows­er type, lan­guage set­tings, cook­ie infor­ma­tion; see “Device Infor­ma­tion” in the Face­book Data Pol­i­cy: https://www.facebook.com/policy). As explained in the Face­book Data Pol­i­cy under “How we use this infor­ma­tion?” Face­book also col­lects and uses infor­ma­tion to pro­vide ana­lyt­ics ser­vices, known as “page insights,” to site oper­a­tors to help them under­stand how peo­ple inter­act with their pages and with con­tent asso­ci­at­ed with them. We have con­clud­ed a spe­cial agree­ment with Face­book (“Infor­ma­tion about Page-Insights”, https://www.facebook.com/legal/terms/page_controller_addendum), which reg­u­lates in par­tic­u­lar the secu­ri­ty mea­sures that Face­book must observe and in which Face­book has agreed to ful­fill the rights of the per­sons con­cerned (i.e. users can send infor­ma­tion access or dele­tion requests direct­ly to Face­book). The rights of users (in par­tic­u­lar to access to infor­ma­tion, era­sure, objec­tion and com­plaint to the com­pe­tent super­vi­so­ry author­i­ty) are not restrict­ed by the agree­ments with Face­book. Fur­ther infor­ma­tion can be found in the “Infor­ma­tion about Page Insights” (https://www.facebook.com/legal/terms/information_about_page_insights_data).

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Con­tact requests and com­mu­ni­ca­tion, Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Remar­ket­ing, Web Ana­lyt­ics (e.g. access sta­tis­tics, recog­ni­tion of return­ing visitors).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Plugins and embedded functions and content

With­in our online ser­vices, we inte­grate func­tion­al and con­tent ele­ments that are obtained from the servers of their respec­tive providers (here­inafter referred to as “third-par­ty providers”). These may, for exam­ple, be graph­ics, videos or social media but­tons as well as con­tri­bu­tions (here­inafter uni­form­ly referred to as “Con­tent”).

The inte­gra­tion always pre­sup­pos­es that the third-par­ty providers of this con­tent process the IP address of the user, since they could not send the con­tent to their brows­er with­out the IP address. The IP address is there­fore required for the pre­sen­ta­tion of these con­tents or func­tions. We strive to use only those con­tents, whose respec­tive offer­ers use the IP address only for the dis­tri­b­u­tion of the con­tents. Third par­ties may also use so-called pix­el tags (invis­i­ble graph­ics, also known as “web bea­cons”) for sta­tis­ti­cal or mar­ket­ing pur­pos­es. The “pix­el tags” can be used to eval­u­ate infor­ma­tion such as vis­i­tor traf­fic on the pages of this web­site. The pseu­do­ny­mous infor­ma­tion may also be stored in cook­ies on the user’s device and may include tech­ni­cal infor­ma­tion about the brows­er and oper­at­ing sys­tem, refer­ring web­sites, vis­it times and oth­er infor­ma­tion about the use of our web­site, as well as may be linked to such infor­ma­tion from oth­er sources.

Infor­ma­tion on legal basis: If we ask users for their con­sent (e.g. in the con­text of a so-called “cook­ie ban­ner con­sent”), the legal basis for pro­cess­ing is this con­sent. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in the analy­sis, opti­mi­sa­tion and eco­nom­ic oper­a­tion of our online ser­vices. We refer you to the note on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP address­es), Loca­tion data (Infor­ma­tion on the geo­graph­i­cal posi­tion of a device or per­son), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos).
  • Data sub­jects: Users (e.g. web­site vis­i­tors, users of online ser­vices), Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.).
  • Pur­pos­es of Pro­cess­ing: Pro­vi­sion of our online ser­vices and usabil­i­ty, Pro­vi­sion of con­trac­tu­al ser­vices and cus­tomer sup­port, Con­tact requests and com­mu­ni­ca­tion, Direct mar­ket­ing (e.g. by e‑mail or postal), Tar­get­ing (e.g. pro­fil­ing based on inter­ests and behav­iour, use of cook­ies), Inter­est-based and behav­ioral mar­ket­ing, Pro­fil­ing (Cre­at­ing user profiles).
  • Legal Basis: Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR), Con­sent (Arti­cle 6 (1) (a) GDPR).

 

Ser­vices and ser­vice providers being used:

  • Google Fonts: We inte­grate the fonts (“Google Fonts”) of the provider Google, where­by the data of the users are used sole­ly for pur­pos­es of the rep­re­sen­ta­tion of the fonts in the brows­er of the users. The inte­gra­tion takes place on the basis of our legit­i­mate inter­ests in a tech­ni­cal­ly secure, main­te­nance-free and effi­cient use of fonts, their uni­form pre­sen­ta­tion and con­sid­er­a­tion of pos­si­ble licens­ing restric­tions for their inte­gra­tion. Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://fonts.google.com/; Pri­va­cy Pol­i­cy: https://policies.google.com/privacy.
  • Google Maps: We inte­grate the maps of the ser­vice “Google Maps” from the provider Google. The data processed may include, in par­tic­u­lar, IP address­es and loca­tion data of users, which are not col­lect­ed with­out their con­sent (usu­al­ly with­in the frame­work of the set­tings of their mobile devices); Ser­vice provider: Google Ire­land Lim­it­ed, Gor­don House, Bar­row Street, Dublin 4, Ire­land, par­ent com­pa­ny: Google LLC, 1600 Amphithe­atre Park­way, Moun­tain View, CA 94043, USA; Web­site: https://cloud.google.com/maps-platform; Pri­va­cy Pol­i­cy: https://policies.google.com/privacy; Opt-Out: Opt-Out-Plu­g­in: https://tools.google.com/dlpage/gaoptout?hl=en, Set­tings for the Dis­play of Adver­tise­ments: https://adssettings.google.com/authenticated.
  • LinkedIn plu­g­ins and con­tents: LinkedIn plu­g­ins and con­tents — This can include con­tent such as images, videos or text and but­tons with which users can share con­tent from this online ser­vice with­in LinkedIn. Ser­vice provider: LinkedIn Ire­land Unlim­it­ed Com­pa­ny, Wilton Place, Dublin 2, Ire­land; Web­site: https://www.linkedin.com; Pri­va­cy Pol­i­cy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Planning, Organization and Utilities

We use ser­vices, plat­forms and soft­ware from oth­er providers (here­inafter referred to as ” third-par­ty providers”) for the pur­pos­es of orga­niz­ing, admin­is­ter­ing, plan­ning and pro­vid­ing our ser­vices. When select­ing third-par­ty providers and their ser­vices, we com­ply with the legal requirements.

With­in this con­text, per­son­al data may be processed and stored on the servers of third-par­ty providers. This may include var­i­ous data that we process in accor­dance with this pri­va­cy pol­i­cy. This data may include in par­tic­u­lar mas­ter data and con­tact data of users, data on process­es, con­tracts, oth­er process­es and their contents.

If users are referred to the third-par­ty providers or their soft­ware or plat­forms in the con­text of com­mu­ni­ca­tion, busi­ness or oth­er rela­tion­ships with us, the third-par­ty provider pro­cess­ing may process usage data and meta­da­ta that can be processed by them for secu­ri­ty pur­pos­es, ser­vice opti­mi­sa­tion or mar­ket­ing pur­pos­es. We there­fore ask you to read the data pro­tec­tion notices of the respec­tive third-par­ty providers.

Infor­ma­tion on legal basis: If we ask the users for their con­sent to the use of third-par­ty providers, the legal basis of the pro­cess­ing is con­sent. Fur­ther­more, the pro­cess­ing can be a com­po­nent of our (pre)contractual ser­vices, pro­vid­ed that the use of the third par­ty was agreed with­in this con­text. Oth­er­wise, user data will be processed on the basis of our legit­i­mate inter­ests (i.e. inter­est in effi­cient, eco­nom­ic and recip­i­ent friend­ly ser­vices). In this con­text, we would also like to refer you to the infor­ma­tion on the use of cook­ies in this pri­va­cy policy.

  • Processed data types: Inven­to­ry data (e.g. names, address­es), Con­tact data (e.g. e‑mail, tele­phone num­bers), Con­tent data (e.g. text input, pho­tographs, videos), Usage data (e.g. web­sites vis­it­ed, inter­est in con­tent, access times), Meta/communication data (e.g. device infor­ma­tion, IP addresses).
  • Data sub­jects: Com­mu­ni­ca­tion part­ner (Recip­i­ents of e‑mails, let­ters, etc.), Users (e.g. web­site vis­i­tors, users of online services).
  • Pur­pos­es of Pro­cess­ing: Con­tact requests and communication.
  • Legal Basis: Con­sent (Arti­cle 6 (1) (a) GDPR), Per­for­mance of a con­tract and pri­or requests (Arti­cle 6 (1) (b) GDPR), Legit­i­mate Inter­ests (Arti­cle 6 (1) (f) GDPR).

 

Ser­vices and ser­vice providers being used:

 

Deletion of data

The data processed by us will be delet­ed in accor­dance with the statu­to­ry pro­vi­sions as soon as their pro­cess­ing is revoked or oth­er per­mis­sions no longer apply (e.g. if the pur­pose of pro­cess­ing this data no longer applies or they are not required for the purpose).

If the data is not delet­ed because they are required for oth­er and legal­ly per­mis­si­ble pur­pos­es, their pro­cess­ing is lim­it­ed to these pur­pos­es. This means that the data will be restrict­ed and not processed for oth­er pur­pos­es. This applies, for exam­ple, to data that must be stored for com­mer­cial or tax rea­sons or for which stor­age is nec­es­sary to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal person.

Fur­ther infor­ma­tion on the era­sure of per­son­al data can also be found in the indi­vid­ual data pro­tec­tion notices of this pri­va­cy policy.

Changes and Updates to the Pri­va­cy Policy
We kind­ly ask you to inform your­self reg­u­lar­ly about the con­tents of our data pro­tec­tion dec­la­ra­tion. We will adjust the pri­va­cy pol­i­cy as changes in our data pro­cess­ing prac­tices make this nec­es­sary. We will inform you as soon as the changes require your coop­er­a­tion (e.g. con­sent) or oth­er indi­vid­ual notification.

If we pro­vide address­es and con­tact infor­ma­tion of com­pa­nies and orga­ni­za­tions in this pri­va­cy pol­i­cy, we ask you to note that address­es may change over time and to ver­i­fy the infor­ma­tion before con­tact­ing us.

Rights of Data Subjects
As data sub­ject, you are enti­tled to var­i­ous rights under the GDPR, which arise in par­tic­u­lar from Arti­cles 15 to 21 of the GDPR:

  • Right to Object: You have the right, on grounds aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the pro­cess­ing of your per­son­al data which is based on let­ter (e) or (f) of Arti­cle 6(1) GDPR , includ­ing pro­fil­ing based on those pro­vi­sions. Where per­son­al data are processed for direct mar­ket­ing pur­pos­es, you have the right to object at any time to the pro­cess­ing of the per­son­al data con­cern­ing you for the pur­pose of such mar­ket­ing, which includes pro­fil­ing to the extent that it is relat­ed to such direct marketing.
  • Right of with­draw­al for con­sents: You have the right to revoke con­sents at any time.
  • Right of access: You have the right to request con­fir­ma­tion as to whether the data in ques­tion will be processed and to be informed of this data and to receive fur­ther infor­ma­tion and a copy of the data in accor­dance with the pro­vi­sions of the law.
  • Right to rec­ti­fi­ca­tion: You have the right, in accor­dance with the law, to request the com­ple­tion of the data con­cern­ing you or the rec­ti­fi­ca­tion of the incor­rect data con­cern­ing you.
  • Right to Era­sure and Right to Restric­tion of Pro­cess­ing: In accor­dance with the statu­to­ry pro­vi­sions, you have the right to demand that the rel­e­vant data be erased imme­di­ate­ly or, alter­na­tive­ly, to demand that the pro­cess­ing of the data be restrict­ed in accor­dance with the statu­to­ry provisions.
  • Right to data porta­bil­i­ty: You have the right to receive data con­cern­ing you which you have pro­vid­ed to us in a struc­tured, com­mon and machine-read­able for­mat in accor­dance with the legal require­ments, or to request its trans­mis­sion to anoth­er controller.
  • Com­plaint to the super­vi­so­ry author­i­ty: You also have the right, under the con­di­tions laid down by law, to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the Mem­ber State of your habit­u­al res­i­dence, place of work or place of the alleged infringe­ment if you con­sid­er that the pro­cess­ing of per­son­al data relat­ing to you infringes the GDPR.

 

Terminology and Definitions

This sec­tion pro­vides an overview of the terms used in this pri­va­cy pol­i­cy. Many of the terms are drawn from the law and defined main­ly in Arti­cle 4 GDPR. The legal def­i­n­i­tions are bind­ing. The fol­low­ing expla­na­tions, on the oth­er hand, are intend­ed above all for the pur­pose of com­pre­hen­sion. The terms are sort­ed alphabetically.

  • Con­troller: “Con­troller” means the nat­ur­al or legal per­son, pub­lic author­i­ty, agency or oth­er body which, alone or joint­ly with oth­ers, deter­mines the pur­pos­es and means of the pro­cess­ing of per­son­al data.
  • Con­ver­sion track­ing: Con­ver­sion track­ing is a method used to eval­u­ate the effec­tive­ness of mar­ket­ing mea­sures. For this pur­pose, a cook­ie is usu­al­ly stored on the devices of the users with­in the web­sites on which the mar­ket­ing mea­sures take place and then called up again on the tar­get web­site (e.g. we can thus trace whether the adver­tise­ments placed by us on oth­er web­sites were successful).
  • IP Mask­ing: IP mask­ing is a method by which the last octet, i.e. the last two num­bers of an IP address, are delet­ed so that the IP address alone can no longer be used to unique­ly iden­ti­fy a per­son. IP mask­ing is there­fore a means of pseu­do­nymis­ing pro­cess­ing meth­ods, par­tic­u­lar­ly in online marketing.
  • Inter­est-based and behav­iour­al mar­ket­ing: Inter­est-relat­ed and/or behav­iour-relat­ed mar­ket­ing is the term used when poten­tial user inter­est in adver­tise­ments and oth­er con­tent is pre­dict­ed if pos­si­ble. This is done on the basis of infor­ma­tion on the pre­vi­ous behav­iour of users (e.g. vis­it­ing and stay­ing on cer­tain web­sites, pur­chas­ing behav­iour or inter­ac­tion with oth­er users), which is stored in a so-called pro­file. For these pur­pose, cook­ies are usu­al­ly used.
  • Loca­tion data: Loca­tion data is cre­at­ed when a mobile device (or anoth­er device with the tech­ni­cal require­ments for a loca­tion deter­mi­na­tion) con­nects to a radio cell, a WLAN or sim­i­lar tech­ni­cal means and func­tions of loca­tion deter­mi­na­tion. Loca­tion data serve to indi­cate the geo­graph­i­cal­ly deter­minable posi­tion of the earth at which the respec­tive device is locat­ed. Loca­tion data can be used, for exam­ple, to dis­play map func­tions or oth­er infor­ma­tion depen­dent on a location.
  • Per­son­al Data: “Per­son­al data” means any infor­ma­tion relat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (“data sub­ject”); an iden­ti­fi­able nat­ur­al per­son is one who can be iden­ti­fied, direct­ly or indi­rect­ly, in par­tic­u­lar by ref­er­ence to an iden­ti­fi­er such as a name, an iden­ti­fi­ca­tion num­ber, loca­tion data, an online iden­ti­fi­er or to one or more fac­tors spe­cif­ic to the phys­i­cal, phys­i­o­log­i­cal, genet­ic, men­tal, eco­nom­ic, cul­tur­al or social iden­ti­ty of that nat­ur­al person.
  • Pro­cess­ing: The term “pro­cess­ing” cov­ers a wide range and prac­ti­cal­ly every han­dling of data, be it col­lec­tion, eval­u­a­tion, stor­age, trans­mis­sion or erasure.
  • Pro­fil­ing: “Pro­fil­ing” means any auto­mat­ed pro­cess­ing of per­son­al data con­sist­ing in the use of such per­son­al data to analyse, eval­u­ate or pre­dict cer­tain per­son­al aspects relat­ing to a nat­ur­al per­son (depend­ing on the type of pro­fil­ing, this includes infor­ma­tion regard­ing age, gen­der, loca­tion and move­ment data, inter­ac­tion with web­sites and their con­tents, shop­ping behav­iour, social inter­ac­tions with oth­er peo­ple) (e.g. inter­ests in cer­tain con­tents or prod­ucts, click behav­iour on a web­site or the loca­tion). Cook­ies and web bea­cons are often used for pro­fil­ing purposes.
  • Remar­ket­ing: Remar­ket­ing” or “retar­get­ing” is the term used, for exam­ple, to indi­cate for adver­tis­ing pur­pos­es which prod­ucts a user is inter­est­ed in on a web­site in order to remind the user of these prod­ucts on oth­er web­sites, e.g. in advertisements.
  • Tar­get­ing: Track­ing” is the term used when the behav­iour of users can be traced across sev­er­al web­sites. As a rule, behav­iour and inter­est infor­ma­tion with regard to the web­sites used is stored in cook­ies or on the servers of the track­ing tech­nol­o­gy providers (so-called pro­fil­ing). This infor­ma­tion can then be used, for exam­ple, to dis­play adver­tise­ments to users pre­sum­ably cor­re­spond­ing to their interests.
  • Web Ana­lyt­ics: Web Ana­lyt­ics serves the eval­u­a­tion of vis­i­tor traf­fic of online ser­vices and can deter­mine their behav­iour or inter­ests in cer­tain infor­ma­tion, such as con­tent of web­sites. With the help of web ana­lyt­ics, web­site own­ers, for exam­ple, can rec­og­nize at what time vis­i­tors vis­it their web­site and what con­tent they are inter­est­ed in. This allows them, for exam­ple, to opti­mize the con­tent of the web­site to bet­ter meet the needs of their vis­i­tors. For pur­pos­es of web ana­lyt­ics, pseu­do­ny­mous cook­ies and web bea­cons are fre­quent­ly used in order to recog­nise return­ing vis­i­tors and thus obtain more pre­cise analy­ses of the use of an online service.